


VPN Client can't see internal network

Hi, hopefully someone may be able to help me. I have a remote user
(User6) with a VPN client connecting to my PIX OK, but when he tries
to PING or access server 172.29.11.250 the PINGs fail; I see no debug
info on the PIX. When he PINGs the outside interface IP address I see
the debug, but it is coming from the IP address of the remote user's ISP
- not the IP address allocated from the VPN POOL. The PIX itself can
PING 172.19.11.250 and this device can PING the PIX... TIA, Ned

  network-object 123.233.0.0 255.255.0.0
  network-object 99.19.0.0 255.255.0.0
  network-object host 89.234.51.114
access-list 102 permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 102 permit tcp object-group NEW-HOSTS host 67.192.238.228 object-group RFID-PREMISE
access-list 102 permit icmp object-group NEW-HOSTS host 67.192.238.228
access-list 102 deny tcp any host 67.192.238.228
access-list 102 permit tcp any any eq www
access-list 102 permit icmp any any
access-list 102 permit ip 172.20.0.0 255.255.0.0 172.30.0.0 255.255.0.0
access-list 102 permit ip 172.20.0.0 255.255.0.0 172.29.0.0 255.255.0.0
access-list 102 permit ip 172.20.0.0 255.255.0.0 19.168.1.0 255.255.255.0
access-list 102 permit ip 172.29.0.0 255.255.0.0 19.168.1.0 255.255.255.0
access-list 80 permit ip host 172.29.11.250 host 172.20.1.1
access-list 80 permit ip host 172.29.11.250 host 172.20.1.2
access-list 80 permit ip host 172.29.11.250 host 172.20.1.3
access-list 80 permit ip host 172.29.11.250 host 172.20.1.4
access-list 80 permit ip host 172.29.11.250 host 172.20.1.5
pager lines 24
logging on
logging buffered debugging
mtu outside 1500
mtu inside 1500
mtu appla 1500
ip address outside 67.192.238.226 255.255.255.248
ip address inside 192.168.1.254 255.255.255.0
no ip address appla
ip audit info action alarm
ip audit attack action alarm
ip local pool minevpn 192.168.2.1-192.168.2.100
ip local pool applapool1 172.20.1.1-172.20.1.100
pdm history enable
arp timeout 14400
global (outside) 1 67.192.238.227
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 67.192.238.228 192.168.1.2 netmask 255.255.255.255 0 0
route outside 0.0.0.0 0.0.0.0 67.192.152.1 1
route inside 172.29.0.0 255.255.0.0 192.168.1.253 1
....
vpngroup user5 address-pool minevpn
vpngroup user5 idle-time 600
vpngroup user5 password ********
vpngroup user6 address-pool applapool1
vpngroup user6 idle-time 600
vpngroup user6 password ********
vpngroup user7 address-pool applapool1
vpngroup user7 idle-time 600
vpngroup user7 password ********

I have tried with NO NAT on and off, but results are always the same

nat (inside) 0 access-list 80

nedtrilby (36)
8/16/2007 1:34:27 PM
comp.dcom.sys.cisco


Did you check the routing table on the client? You should have other
routes available when the VPN client is connected.

Do you see a route for the subnet you want to reach?

benner

benner
8/17/2007 10:07:05 AM
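
Added example, not part of the original thread: a Python check that cross-references the VPN pool, the `nat (inside) 0` access list and the inside routes from the configuration posted in the question. The function names are this example's own, and it only understands `host`, `any` and network/mask ACL endpoints (object-group entries are skipped).

```python
import ipaddress

# Lines copied from the configuration in the question (PIX 6.x syntax).
CONFIG = """\
access-list 80 permit ip host 172.29.11.250 host 172.20.1.1
access-list 80 permit ip host 172.29.11.250 host 172.20.1.2
access-list 80 permit ip host 172.29.11.250 host 172.20.1.3
access-list 80 permit ip host 172.29.11.250 host 172.20.1.4
access-list 80 permit ip host 172.29.11.250 host 172.20.1.5
ip local pool minevpn 192.168.2.1-192.168.2.100
ip local pool applapool1 172.20.1.1-172.20.1.100
route inside 172.29.0.0 255.255.0.0 192.168.1.253 1
vpngroup user6 address-pool applapool1
vpngroup user6 idle-time 600
nat (inside) 0 access-list 80
"""


def _endpoint(tok):
    """Consume one ACL endpoint: 'host A', 'any', or 'NET MASK'."""
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]


def parse_config(text):
    """Collect ACLs, address pools, vpngroup pools, inside routes and the nat 0 ACL."""
    cfg = {"acl": {}, "pool": {}, "group": {}, "route": [], "nat0": None}
    for line in text.splitlines():
        t = line.split()
        if len(t) < 4:
            continue
        if t[0] == "access-list" and t[2] in ("permit", "deny"):
            try:
                src, rest = _endpoint(t[4:])
                dst, _ = _endpoint(rest)
            except (ValueError, IndexError):
                continue  # object-group or port-based entries: out of scope here
            cfg["acl"].setdefault(t[1], []).append((t[2], src, dst))
        elif t[:3] == ["ip", "local", "pool"] and len(t) > 4:
            lo, hi = (ipaddress.ip_address(a) for a in t[4].split("-"))
            cfg["pool"][t[3]] = (lo, hi)
        elif t[0] == "vpngroup" and t[2] == "address-pool":
            cfg["group"][t[1]] = t[3]
        elif t[:2] == ["route", "inside"] and len(t) > 4:
            cfg["route"].append((ipaddress.ip_network(f"{t[2]}/{t[3]}"), t[4]))
        elif t[:4] == ["nat", "(inside)", "0", "access-list"] and len(t) > 4:
            cfg["nat0"] = t[4]
    return cfg


def acl_permits(entries, src, dst):
    """First matching entry decides; no match means the implicit deny."""
    for action, s, d in entries:
        if src in s and dst in d:
            return action == "permit"
    return False


def nat0_gaps(cfg, group, server):
    """Pool addresses of `group` that the nat 0 ACL does not exempt for `server`."""
    lo, hi = cfg["pool"][cfg["group"][group]]
    entries = cfg["acl"].get(cfg["nat0"], [])
    srv = ipaddress.ip_address(server)
    return [ipaddress.ip_address(i) for i in range(int(lo), int(hi) + 1)
            if not acl_permits(entries, srv, ipaddress.ip_address(i))]


def inside_next_hop(cfg, server):
    """Longest-prefix match of `server` against the 'route inside' statements."""
    srv = ipaddress.ip_address(server)
    hits = [(net.prefixlen, gw) for net, gw in cfg["route"] if srv in net]
    return max(hits)[1] if hits else None


if __name__ == "__main__":
    cfg = parse_config(CONFIG)
    gaps = nat0_gaps(cfg, "user6", "172.29.11.250")
    print(f"{len(gaps)} pool addresses not exempted, first: {gaps[0]}")
    print("inside next hop for server:", inside_next_hop(cfg, "172.29.11.250"))
```

For User6 it lists the `applapool1` addresses that access-list 80 does not exempt from NAT toward 172.29.11.250, and names the inside next hop, which is the device that needs its own route for the pool subnet back to the PIX.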